CVE-2020-5398

HIGH Year: 2020
CVSS v3 Score
8.0
High
CVSS v2 Score
7.6
High
Weakness Type
CWE-79
View all →

Vulnerability Description

In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input.

Related Vulnerabilities

CVE-2017-10612

HIGH
CVSS:8.0(High)

A persistent site scripting vulnerability in Juniper Networks Junos Space allows users who can change certain configuration to implant malicious Javascript or HTML which may be used to steal informati...

CWE-792017

CVE-2019-1583

HIGH
CVSS:8.0(High)

Escalation of privilege vulnerability in the Palo Alto Networks Twistlock console 19.07.358 and earlier allows a Twistlock user with Operator capabilities to escalate privileges to that of another use...

CWE-792019

CVE-2019-17333

HIGH
CVSS:8.0(High)

The Web server component of TIBCO Software Inc.'s TIBCO EBX contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks. Affected releas...

CWE-792019

CVE-2020-35936

HIGH
CVSS:8.0(High)

Stored Cross-Site Scripting (XSS) vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotel...

CWE-792020

CVE-2020-35937

HIGH
CVSS:8.0(High)

Stored Cross-Site Scripting (XSS) vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a re...

CWE-792020

CVE-2021-23271

HIGH
CVSS:8.0(High)

The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a Stored Cross Site Sc...

CWE-792021